Diffstat (limited to 'Database/meth_dbuser.php')
-rw-r--r--Database/meth_dbuser.php76
1 files changed, 56 insertions, 20 deletions
diff --git a/Database/meth_dbuser.php b/Database/meth_dbuser.php
index c0afb8c..1b62b46 100644
--- a/Database/meth_dbuser.php
+++ b/Database/meth_dbuser.php
@@ -24,7 +24,8 @@ class DbUser extends DbMain {
// Préparation de la requète
$reqAddUser = "INSERT INTO ".$this->tableUserAccount."
(email, password, inscriptionDate, isClient, isPro, isAdmin)
- VALUES (?, ?, ?, ?, ?, ?)";
+ VALUES
+ (?, ?, ?, ?, ?, ?)";
// Execution de la requète
$this->exec_cmd($reqAddUser,
array($email,
@@ -51,9 +52,9 @@ class DbUser extends DbMain {
// Chiffrement du mot de passe
$crypt = $this->crypt_pass($pass);
// Execution de la requète
- $data = $this->exec_cmd($reqCheckCredential, array($email))->fetchAll(PDO::FETCH_ASSOC);
+ $result = $this->exec_cmd($reqCheckCredential, array($email))->fetchAll(PDO::FETCH_ASSOC);
// Vérifiaction de correspondance email & pass
- foreach ($data as $rows) {
+ foreach ($result as $rows) {
if ($rows["password"] == $crypt) {
return $rows["userId"];
}
@@ -61,24 +62,59 @@ class DbUser extends DbMain {
}
// Mise à jour des infos d'un utilisateur
- final public function user_infos_update($lastname, $firstname, $job, $degree,
- $capability, $description, $phoneNumber,
- $adress, $zipCode, $city, $userId) {
+ final public function user_infos_update($userInfos, $userId, $isPro, $userJobs = null) {
// Préparation de la requète pour mise à jour des infos
- $reqAddInfo = "REPLACE INTO ".$this->tableUserInfo."
- (lastname, firstname, job, degree, capability,
- description, phoneNumber, adress, zipCode, city, userId)
- VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
- // Exécution de la requète
- $this->exec_cmd($reqAddInfo,
- array($lastname, $firstname, $job, $degree,
- $capability, $description, $phoneNumber,
- $adress, $zipCode, $city, $userId
- )
- );
+ // J'ai préféré faire deux requètes distinctes et ne pas utiliser des valeurs
+ // passées par $POST ($key => $value) pour gérer les noms des colonnes
+ // car je préfère les passer en "dur" dans mes requêtes (risque d'injection SQL?).
+ $reqAddInfoClient = "UPDATE ".$this->tableUserInfo."
+ SET
+ lastname = ?, firstname = ?, phoneNumber = ?,
+ adress = ?, zipCode = ?, city = ?
+ WHERE
+ userId = ?";
+ $reqAddInfoPro = "UPDATE ".$this->tableUserInfo."
+ SET
+ lastname = ?, firstname = ?, phoneNumber = ?,
+ adress = ?, zipCode = ?, city = ?,
+ degree = ?, capability = ?, description = ?
+ WHERE
+ userId = ?";
+ $reqAddInfoProJobs = "INSERT INTO ".$this->tableUserJob."
+ (jobCategoryId, userId)
+ VALUES
+ (?, ?)";
+ $reqRemoveInfoProJobs = "DELETE FROM ".$this->tableUserJob."
+ WHERE
+ jobCategoryId = ?
+ AND
+ userId = ?";
+ if (!$isPro) {
+ // Exécution de la requète
+ // https://www.php.net/manual/fr/function.array-values.php
+ // Pour passer de dict a list -> array_values()
+ $args = array_values($userInfos);
+ array_push($args, $userId);
+ $this->exec_cmd($reqAddInfoClient, array_push($args, $userId));
+ } else {
+ // TODO: Commenter
+ // https://stackoverflow.com/questions/15986235/how-to-use-json-stringify-and-json-decode-properly
+ $selectedJobs = json_decode(html_entity_decode($userInfos["jobs"]));
+ unset($userInfos["jobs"]);
+ $jobsAdded = array_values(array_diff($selectedJobs, $userJobs));
+ $jobsRemoved = array_values(array_diff($userJobs, $selectedJobs));
+ $args = array_values($userInfos);
+ array_push($args, $userId);
+ $this->exec_cmd($reqAddInfoPro, $args);
+ for ($i = 0; $i < count($jobsAdded); $i++) {
+ $this->exec_cmd($reqAddInfoProJobs, array($jobsAdded[$i], $userId));
+ }
+ for ($i = 0; $i < count($jobsRemoved); $i++) {
+ $this->exec_cmd($reqRemoveInfoProJobs, array($jobsRemoved[$i], $userId));
+ }
+ }
}
-
// ****************************************************************************
// Gestion du token-autologin
// ****************************************************************************
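Review bot: On the client branch `$this->exec_cmd($reqAddInfoClient, array_push($args, $userId));` passes the return value of `array_push()`, which is the new element count, so `exec_cmd` receives an integer instead of the bound-parameter array, and `$userId` was already appended on the line before; the call should read `$this->exec_cmd($reqAddInfoClient, $args);` as the pro branch does. Both branches bind `array_values($userInfos)` positionally to hard-coded column names, so the binding depends on the order and completeness of the keys the caller passes in (the comment above says these come from the POST data), and a missing or reordered key silently shifts every value into the wrong column; selecting each value by its key (`$userInfos['lastname']`, `$userInfos['firstname']`, …) would make the update independent of input order. On the pro branch `$userJobs` defaults to `null`, which `array_diff()` rejects with a TypeError on PHP 8, and `$selectedJobs` is decoded from user-supplied JSON without checking that it is an array, so a `$userJobs ?? []` default and an `is_array($selectedJobs)` guard before the two `array_diff()` calls would cover both cases.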
@@ -89,9 +125,9 @@ class DbUser extends DbMain {
$reqCheckToken = "SELECT userId, tokenAutoLogin
FROM ".$this->tableUserAccount." WHERE email = ?";
// Exécution de la requète
- $data = $this->exec_cmd($reqCheckToken, array($email))->fetchAll(PDO::FETCH_ASSOC);
+ $result = $this->exec_cmd($reqCheckToken, array($email))->fetchAll(PDO::FETCH_ASSOC);
// Vérifiaction de correspondance email & jeton d'auto-connection
- foreach ($data as $rows) {
+ foreach ($result as $rows) {
if ($rows["tokenAutoLogin"] == $token) {
return $rows["userId"];
}